caesarsol
commented
5 years ago This is true: to decode the JWT you should use base64url!
That's because of the non-url-safeness of the / and + characters, allowed in the base64 encoding.
Open tom-dierckx opened 7 years ago
The package used for decrypting the jwt token atob only works with base64 encoded strings not with base64 URL safe encoded strings.
We have a JWT url safe b64 encoded and this gives issues when the _ and - characters appear.
Regards,
Tom Dierckx